DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 

/usr/man/cat.l/set_session_authorization.l.Z(/usr/man/cat.l/set_session_authorization.l.Z)

NAME

       SET  SESSION  AUTHORIZATION  -  set the session user identifier and the
       current user identifier of the current session

SYNOPSIS

       SET [ SESSION | LOCAL ] SESSION AUTHORIZATION username
       SET [ SESSION | LOCAL ] SESSION AUTHORIZATION DEFAULT
       RESET SESSION AUTHORIZATION

DESCRIPTION

       This command sets the session user  identifier  and  the  current  user
       identifier  of the current SQL-session context to be username. The user
       name may be written as either an identifier or a string literal.  Using
       this  command,  it  is  possible, for example, to temporarily become an
       unprivileged user and later switch back to become a superuser.

       The session user identifier  is  initially  set  to  be  the  (possibly
       authenticated) user name provided by the client. The current user iden-
       tifier is normally equal to the session user identifier, but may change
       temporarily  in  the context of ``setuid'' functions and similar mecha-
       nisms. The current user identifier is relevant for permission checking.

       The  session user identifier may be changed only if the initial session
       user (the authenticated user) had the superuser  privilege.  Otherwise,
       the  command  is  accepted  only if it specifies the authenticated user
       name.

       The SESSION and LOCAL modifiers act the same as  for  the  regular  SET
       [set(l)] command.

       The  DEFAULT and RESET forms reset the session and current user identi-
       fiers to be the originally authenticated user name. These forms may  be
       executed by any user.

EXAMPLES

       SELECT SESSION_USER, CURRENT_USER;

        session_user | current_user
       --------------+--------------
        peter        | peter

       SET SESSION AUTHORIZATION 'paul';

       SELECT SESSION_USER, CURRENT_USER;

        session_user | current_user
       --------------+--------------
        paul         | paul

COMPATIBILITY

       The  SQL  standard  allows some other expressions to appear in place of
       the literal username which are not important  in  practice.  PostgreSQL
       allows identifier syntax ("username"), which SQL does not. SQL does not
       allow this command during a transaction; PostgreSQL does not make  this
       restriction  because there is no reason to. The privileges necessary to
       execute this command are left implementation-defined by the standard.

SQL - Language Statements         2003-11-02      SET SESSION AUTHORIZATION(l)
Man(1) output converted with man2html